Configuring Snmp Notifications For Ipsec - HP VSR1000 Security Configuration Manual
Virtual services router
Hide thumbs
Also See for VSR1000:
- Configuration manual (463 pages) ,
- High availability configuration manual (91 pages) ,
- Layer 2 - wan access command reference (50 pages)
Table of Contents
Advertisement
Step
2.
Create a manual IPsec
profile and enter its view.
(Optional.) Configure a
3.
description for the IPsec
profile.
4.
Reference an IPsec
transform set for the IPsec
profile.
5.
Configure an SPI for an
SA.
6.
Configure keys for the
IPsec SA.
Configuring SNMP notifications for IPsec
After you enable SNMP notifications for IPsec, the IPsec module notifies the NMS of important module
events. The notifications are sent to the device's SNMP module. You can configure the notification
transmission parameters for the SNMP module to specify how the SNMP module displays notifications.
For more information about SNMP notifications, see Network Management and Monitoring
Configuration Guide.
To generate and output SNMP notifications for IPsec for a specific failure or event type, enable SNMP
notifications for IPsec globally and for the specified failure or event type.
Command
ipsec profile profile-name manual
description text
transform-set transform-set-name
sa spi { inbound | outbound } { ah |
esp } spi-number
•
Configure an authentication key in
hexadecimal format for AH:
sa hex-key authentication
{ inbound | outbound } ah { cipher
| simple } key-value
•
Configure an authentication key in
character format for AH:
sa string-key { inbound |
outbound } ah { cipher | simple }
key-value
•
Configure a key in character
format for ESP:
sa string-key { inbound |
outbound } esp [ cipher | simple ]
key-value
•
Configure an authentication key in
hexadecimal format for ESP:
sa hex-key authentication
{ inbound | outbound } esp
{ cipher | simple } key-value
•
Configure an encryption key in
hexadecimal format for ESP:
sa hex-key encryption { inbound |
outbound } esp { cipher | simple }
key-value
193
Remarks
By default, no IPsec profile exists.
The manual keyword is not needed
if you enter the view of an existing
IPsec profile.
By default, no description is
configured.
By default, no IPsec transform set is
referenced for an IPsec profile.
The referenced IPsec transform set
must use the transport mode.
By default, no SPI is configured for
an SA.
By default, no keys are configured
for the IPsec SA.
Configure a key for the security
protocol (AH, ESP, or both) you
have specified.
If you configure a key in character
format for ESP, the device
automatically generates an
authentication key and an
encryption key for ESP.
If you configure a key in both the
character and hexadecimal
formats, only the most recent
configuration takes effect.
- Quick Links:
- Configuring the Device as an Ssh...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
